CLAIM AMENDMENTS 

1 . (currently amended) Apparatus for integrating a seller's Web site with a public key 
infrastructure, wherein: 

the public key infrastructure comprises a buyer computer having a Web browser adapted 
to invoke a signing interface to digitally sign electronic messages and a seller's bank computer 
system adapted to receive service requests from the seller and to respond to those requests; 
and[[;]] 

the seller's Web site comprises: 

a filter adapted to redirect HTTP requests received from the Web browser; 

coupled to the filter, an Internet server application adapted to receive a redirected HTTP 
requests from the filter and to process the redirected HTTP requests; and 

coupled to the Internet server application, a filter engine adapted to receive the processed 
HTTP request s from the Internet server application and to identify an HTTP requests that 
contains data requiring a digital signature by the buyer computer. 

2. (currently amended) The apparatus of claim 1, wherein: 

the filter engine is further adapted to identify an HTTP requests that [[requires]] require 
accessing a service offered by the seller's bank and to formulate a request for the service; and 

the seller's Web site further comprises, coupled to the filter engine, a bank interface 
adapted to receive the requests from the filter engine, reformat the requests, and transmit the 
requests to the seller's bank. 



3. (currently amended) The apparatus of claim 2, wherein the bank interface is further 
adapted to receive a service responses to the requests from the seller's bank, and forward the 
responses to the filter engine. 

4. (currently amended) The apparatus of claim 2, wherein the at least one service is 
certificate validation of a buyer digital certificate . 

5. (previously presented) The apparatus of claim 1, wherein the seller's Web site further 
comprises, coupled to the filter, a Web server adapted to parse requests redirected by the filter. 

6. (previously presented) The apparatus of claim 1, wherein services provided by the 
seller's bank are provided within the context of a four-corner model. 

7. (previously presented) The apparatus of claim 6, wherein the four-corner model 
comprises the buyer, the seller, the seller's bank, and a buyer's bank. 

8. (previously presented) The apparatus of claim 1, wherein the filter is implemented 
using ISAPI. 

9. (previously presented) The apparatus of claim 1, wherein the Internet server 
application is adapted to generate HTTP responses based on data received from the filter engine. 

10. (currently amended) The apparatus of claim 1, wherein the Internet server 
application is adapted to pass a hash tables to the filter engine. 

1 1 . (currently amended) The apparatus of claim 10, wherein the each hash table 
comprises headers from the a redirected HTTP request. 
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12. (currently amended) The apparatus of claim 10, wherein the each hash table 
indicates a method of the redirected HTTP request. 

13. (currently amended) The apparatus of claim 10, wherein the each hash table 
comprises the a content-type of the a redirected HTTP request. 

14. (currently amended) The apparatus of claim 10, wherein the each hash table 
comprises the a buyer computer's IP address. 

15. (currently amended) The apparatus of claim 10, wherein the each hash table 
comprises actual data in the a redirected HTTP request. 

16. (currently amended) The apparatus of claim 10, wherein the each hash table 
comprises a unique session ID. 

17. (previously presented) A system for integrating a seller's Web site with a public key 
infrastructure, the Web site comprising a Web server and a Web application, the public key 
infrastructure comprising a buyer computer comprising a Web browser adapted to invoke a 
signing interface to digitally sign electronic messages, the public key infrastructure further 
comprising a seller's bank computer system adapted to receive service requests from the seller 
and respond to those requests with digitally signed service responses; the system comprising: 

a filter adapted to redirect HTTP requests received from the Web browser; 

an Internet server application adapted to receive a redirected HTTP request from the filter 
and process the redirected HTTP request; and 

a filter engine adapted to receive the processed HTTP request and identify an HTTP 
request that contains data requiring signature by the buyer; wherein: 
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the Internet server application is a servlet. 

18. (previously presented) The system of claim 17, wherein the servlet is constructed as 
a public class object that extends javax.servlet.http.HttpServlet. 

19. (previously presented) The system of claim 18, wherein the public class object 
comprises at least one of a callFilterEngine method, a doGet method, a doPost method, a 
getRequestHeaders method, a handle Request method, an init method, a print ErrorResponse 
method, a printPluginPage method, a readMessage method, a read RequestData method, and a 
setServletHeaders method. 

20. (previously presented) The system of claim 17, wherein the filter engine is adapted 
to return an object to the servlet. 

21. (previously presented) The apparatus of claim 20 5 wherein the object comprises an 
integer value indicating one of the following four conditions: 

a signature is required on data in the HTTP request; 

a response has been received from the seller's bank concerning a service request; 
the HTTP request has been passed through to a Web application; 
an error occurred. 

22. (previously presented) The apparatus of claim 2 1 , wherein when the integer value 
indicates that a signature is required on data in the HTTP request, the Internet server application 
stores a state of the filter engine in a cookie and causes a Web page containing the cookie and an 
instruction to sign the data to be transmitted to the Web browser. 
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23. (previously presented) The apparatus of claim 1, wherein the filter engine determines 
whether an HTTP request contains data requiring signature by applying filtering rules. 

24. (previously presented) The apparatus of claim 1 5 wherein the filter engine is 
programmed to recognize each HTTP request that includes data requiring a digital signature by 
the buyer's computer. 

25. (previously presented) The apparatus of claim 1, wherein the filter engine is 
programmed to recognize HTTP requests transmitted by the Web browser that have been 
modified to include a special tag that indicates whether the request includes data that requires a 
digital signature by the buyer's computer. 

26. (previously presented) A system for integrating a seller's Web site with a public key 
infrastructure, the Web site comprising a Web server and a Web application, the public key 
infrastructure comprising a buyer computer comprising a Web browser adapted to invoke a 
signing interface to digitally sign electronic messages, the public key infrastructure further 
comprising a seller's bank computer system adapted to receive service requests from the seller 
and respond to those requests with digitally signed service responses; the system comprising: 

a filter adapted to redirect HTTP requests received from the Web browser; 

an Internet server application adapted to receive a redirected HTTP request from the filter 
and process the redirected HTTP request; and 

a filter engine adapted to receive the processed HTTP request and identify an HTTP 
request that contains data requiring signature by the buyer; wherein: 

the filter engine is implemented as a public class object that extends java.lang.object. 



27. (previously presented) The system of claim 26, wherein the public class object 
comprises at least one of the following methods: a callWebApp method, a getSessionID method, 
a newRequestHandler method, an oldRequestHandler method, a service method, and a 
signedRequestHandler method. 

28. (previously presented) The apparatus of claim 1, wherein the filter engine provides 
an abstracted front end interface via an object oriented computer programming language remote 
method invocation. 

29. (previously presented) The apparatus of claim 1, wherein the filter engine employs a 
rules class. 

30. (previously presented) A system for integrating a seller's Web site with a public key 
infrastructure, the Web site comprising a Web server and a Web application, the public key 
infrastructure comprising a buyer computer comprising a Web browser adapted to invoke a 
signing interface to digitally sign electronic messages, the public key infrastructure further 
comprising a seller's bank computer system adapted to receive service requests from the seller 
and respond to those requests with digitally signed service responses; the system comprising: 

a filter adapted to redirect HTTP requests received from the Web browser; 

an Internet server application adapted to receive a redirected HTTP request from the filter 
and process the redirected HTTP request; 

a filter engine adapted to receive the processed HTTP request and identify an HTTP 
request that contains data requiring signature by the buyer; and 
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a rules class, wherein the rules class comprises the following methods: a getMode 
method, a getService method, a readRules method, a rulesMatch method, and a validateRules 
method. 

3 1 . (previously presented) The apparatus of claim 1 wherein the seller's Web site further 
comprises, coupled to the filer engine, a bank interface designed with a plug-in based 
architecture. 

32. (previously presented) The apparatus of claim 1 wherein the seller's Web site further 
comprises, coupled to the filer engine, a bank interface supporting an abstract front-end interface 
to allow communication via a plurality of middleware technologies. 

33. (previously presented) The apparatus of claim 1 wherein the seller's Web site further 
comprises, coupled to the filter engine, a bank interface adapted to create and transmit OCSP 
requests. 

34. (previously presented) The apparatus of claim 1 wherein the seller's Web site further 
comprises, coupled to the filter engine, a bank interface comprising a certificate status check 
module. 

35. (previously presented) A system for integrating a seller's Web site with a public key 
infrastructure, the Web site comprising a Web server and a Web application, the public key 
infrastructure comprising a buyer computer comprising a Web browser adapted to invoke a 
signing interface to digitally sign electronic messages, the public key infrastructure further 
comprising a seller's bank computer system adapted to receive service requests from the seller 
and respond to those requests with digitally signed service responses; the system comprising: 
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a filter adapted to redirect HTTP requests received from the Web browser; 

an Internet server application adapted to receive a redirected HTTP request from the filter 
and process the redirected HTTP request; 

a filter engine adapted to receive the processed HTTP request and identify an HTTP 
request that contains data requiring signature by the buyer; and 

a bank interface, wherein the bank interface comprises a public class object that extends 
java.lang.object. 

36. (previously presented) A system for integrating a seller's Web site with a public key 
infrastructure, the Web site comprising a Web server and a Web application, the public key 
infrastructure comprising a buyer computer comprising a Web browser adapted to invoke a 
signing interface to digitally sign electronic messages, the public key infrastructure further 
comprising a seller's bank computer system adapted to receive service requests from the seller 
and respond to those requests with digitally signed service responses; the system comprising: 

a filter adapted to redirect HTTP requests received from the Web browser; 

an Internet server application adapted to receive a redirected HTTP request from the filter 
and process the redirected HTTP request; 

a filter engine adapted to receive the processed HTTP request and identify an HTTP 
request that contains data requiring signature by the buyer; and 

a public class, wherein the public class object comprises a createOCSPRequest method, a 
getCertificatelD method, a getCertStatus method, a getCertsVerifyMessage method, a getURL 
method, an isResponseSuccessful method, a logAndBuildReturnObject method, a processOCSP 
method, a sendAndReceiveMessage method, a serviceRequest method, and a 
verifyResponseSignature method. 
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37. (currently amended) Apparatus for integrating a seller's Web site with a public key 
infrastructure, said apparatus comprising: 

a Web server located at the seller's Web site; 

a Web application coupled to the Web server and also located at the seller's Web site, the 
Web application adapted to: 

identify those HTTP requests from a buyer that include data requiring a digital 
signature of the buyer; 

create a Web page for transmission to a browser controlled by the buyer that will 
eatts e, said Web page causing the browser to invoke a signing interface enabling the buyer to 
digitally sign the data; and 

identify those HTTP requests that require a service provided by an entity other 
than the seller; and 

coupled to the Web application and also located at the seller's Web site, an interface 
module adapted to receive a requests for service from the Web application, format and transmit 
the requests, receive a responses to the requests, and forward the responses to the Web 
application. 
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